Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-23058

A vulnerability in the ClearPass Policy Manager web-based management interface allows a low-privileged (read-only) authenticated remote attacker to gain unauthorized access to data and the ability to execute functions that should be restricted to administrators only with read/write privileges. Successful exploitation could enable a low-privileged user to execute administrative functions leading to an escalation of privileges.

Published

2025-02-04T18:15:35.423

Last Modified

2025-03-28T17:55:42.650

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Secondary
CWE-1390

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	arubanetworks	clearpass_policy_manager	< 6.11.10	Yes
Application	arubanetworks	clearpass_policy_manager	< 6.12.4	Yes

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04784en_us&docLocale=en_US Vendor Advisory ([email protected])